
Revealing the attack

Revealing the attack. Arve Føyen, Advokat. Simonsen Føyen Advokatfirma DA. and when to report …………. 20.10.2004. Overview. The development of our case Is the case typical? What can the company do? Conclusion. The development of our case.


Presentation Transcript


  1. Revealing the attack, and when to report • Arve Føyen, Advokat, Simonsen Føyen Advokatfirma DA • 20.10.2004

  2. Overview • The development of our case • Is the case typical? • What can the company do? • Conclusion

  3. The development of our case • The systems administrator discovers that a lot of damage has been done • The attack seems to come from one of the employees’ computers • The employee pleads innocent, even though he was at home and logged on through the VPN at the time • All hacker tools are found on the computer, and have been there for some time • There are traces of a Trojan/back door on the computer

  4. Is our case typical? • ”Back doors” like a VPN connection from a home computer are a new phenomenon, found increasingly often • The hackers usually use ”minste motstands vei” – the easiest way • Direct attacks are the most common • Networks are a weak point • Social hacking • Corruption

  5. What can the company do? • Nothing – try to repair the damage • Private prosecution – internal case • Report to the police • Make sure it doesn’t happen again – learning by making mistakes

  6. 1. Do nothing • ”The damage is done – so let’s make the best out of it” • Consequences • No protection – no reaction against the hacker, or internally in the company • ”Cleaning up” deletes all evidence and important traces

  7. Private prosecution • Strprl. § 176 – catching someone red-handed: ”fersk gjerning eller ferske spor” (in the act or on fresh traces) • The police can use methods that in other cases would violate privacy • Private prosecution – no alternative • Companies do not want publicity

  8. Report to the police • The only way to try the case • The company must be prepared for publicity • The company must live with the result, even if the case is not brought to court

  9. Should one always report computer crime? • What to gain? • Allmennprevensjon – general prevention • Greater chance to reveal crime • Risks • Exposing security holes • Inspiration for other hackers? • Negative publicity

  10. Report cont. • What is best for the company? • What is in the interest of the customers? • Consider the employees and the working environments

  11. Prevent the same from happening again • Learning from your mistakes is as important as preventing them • Do not delete evidence and traces • Information about steps taken for protection must be part of the media strategy (how to tackle the press) • Remember: Too much information may weaken information security

  12. Conclusion • Companies must learn to live with the threat to security • It is also important for the security work to be on the alert in case of damage (”uhellet er ute”)

  13. Questions? • We at Simonsen Føyen are happy to help you! • Arve Føyen • arve.foyen@simonsenfoyen.no • 21 95 55 96/918 19 962
